US Fertility Hit By Ransomware Attack!

Global organizations are in the midst of a massive wave of ransomware attacks over the course of 2020. In the third quarter of this year, the ransomware attacks have increased by 40% to 199.7 million cases globally. The United States of America alone observed 145.2 million ransomware attacks in the mentioned period.

In the past month, US Fertility (USF), the largest network of fertility centers in America, has been hit by a ransomware attack. Personal health information, including social security numbers, has been stolen.

US Fertility comprises 55 clinics across 10 American states. The company had completed almost 25,000 IVF cycles in 2018 through its fertility network, including Shady Grove Fertility, Reproductive Science Center of San Francisco, IVF of Florida, and Fertility Center of Illinois.

In September 2020, cybercriminals attacked USF with ransomware, affecting almost half of its locations. The company immediately responded to the incident by shutting down several servers and computer systems connected to the network. It also notified federal law enforcement about the security incident and initiated an investigation.

Read More: 18 Tips To Prevent Ransomware Attacks

“On September 14, 2020, USF experienced an IT security Incident that involved the inaccessibility of certain computer systems on our network as a result of a malware infection. We responded to the incident immediately and retained third-party computer forensic specialists to assist in our investigation,” notified USF on November 25.

“Through our immediate investigation and response, we determined that data on a number of servers and workstations connected to our domain had been encrypted by ransomware.”

Although the company acknowledged the ransomware attack on September 14, the digital forensic specialists discovered that the cyber attackers had first gained access to USF’s network a month earlier, on August 12.

During the month-long unnoticed presence in the network, the threat actors acquired access to files that contained patient information, including names, dates of birth, addresses, MPI numbers, and social security numbers.

Meanwhile, US Fertility informed that there is no evidence of actual misuse of any patient’s information due to the ransomware attack.

“The types of information impacted vary by individual, and we determined that for many individuals, Social Security numbers were not impacted,” said USF.

Following the cyberattack, USF strengthened its firewall security and deployed digital forensic specialists to monitor network activity and address any suspicious activity.

“We take this incident very seriously and are committed to protecting the security and confidentiality of health information we gather in providing services to individuals,” said Mark Segal, USF CEO.

The healthcare data breaches in 2020 continue to be a major concern across the world, with the predicted losses set to reach USD 6 trillion by the end of the year.

Earlier, Universal Health Services (UHS), one of the largest hospital systems in America, was attacked by the Ryuk ransomware, forcing the closure of some affected emergency rooms.

Also Read: